November 27, 2016

INTERVIEW: Sergio Demián Lerner @ RSK

Earlier this year I remember listening to an episode of the Bitcoin Knowledge podcast and being intrigued by the subject matter – bringing smart contracts to Bitcoin. That episode’s guest was Diego Gutierrez Zaldivar and he was discussing the RootStock project. Originally founded in 2015 and publishing their white paper later in the year, RSK is the company behind that project.

Described as, ‘a smart contract platform with a 2-way peg and merge-mining to the Bitcoin Blockchain’, RSK have just released their Testnet Network, Turmeric. I recently caught up with RSK founder Sergio Demián Lerner for an in-depth interview to find out more…

What is your background and how did you first become involved in the blockchain space?

SDL: My background is Computer Science and Information Security. I was very lucky to discover Bitcoin in 2011. I was amazed and I started auditing the code immediately. By 2012 I had responsibly disclosed seven critical vulnerabilities, which led me to know the core development team very well. By 2013 I decided to dedicate myself full-time to Bitcoin. I was also lucky to be part of the seed conversations in the bitcointalk forum where most of the current blockchain technologies were born. I contributed lots of ideas: DAGCoin inspired the Iota and ByteBall cryptocurrency designs; P2PTradeX was the basis for Blockstream Sidechain design; AppeCoin inspired other anonymization technologies; the Tick-method for allowing transaction reversal inspired Emin Gun Sirer to shape the “Bitcoin Vaults” design. And the list goes on. At those times every thread in the forums was innovating in a direction of unknown repercussions.

But in 2013, apart from the core devs and a close group of Bitcoin geeks, I knew very few other Bitcoiners. And, strange as it sounds, I didn’t have a single bitcoin yet, so I decided to buy some. But I needed to convince myself of the stability of the market so I got interested in what market forces existed, which led me to begin forensic/data mining research on early Bitcoin mining, which led me to accidentally uncover the accounts and amounts believed to belong to Satoshi, which I posted on my blog. And that single post, having more than 35K hits in two days, made me suddenly very “popular”. The post led me to know Wences Casares (Xapo’s CEO) who was evangelizing about Bitcoin, and he kindly invited me to the 2013 San Jose Bitcoin Conference. And that conference, which concluded with attendees dancing wildly on stage while the group “Zou Tonged” wearing Guy Fawkes masks sang Bitcoin liberation songs, was the beginning of a new stage in my life.

RSK is described as, ‘the first open-source smart contract platform with a 2-way peg to Bitcoin’. Can you explain how it works and give us an example use case?

SDL: The security of RSK is provided by the same Bitcoin miners using the merged mining technique. To be able to interact with Bitcoin, RSK works as a Bitcoin Sidechain. A Sidechain (or 2-way peg) allows coins to be transferred between two different blockchains at a fixed conversion rate. To transfer cryptocurrency from a main chain to a secondary chain, they are “locked” in the main chain and unlocked in the secondary chain. To transfer the coins back, the opposite occurs. A built-in smart-contract ensures that they can never be “unlocked” on both blockchains.

When Bitcoins are transferred into the RSK blockchain, the bitcoins are called Smart Bitcoins (SBTC). There is no currency issuance in RSK mining, nor is there a pre-mine: all SBTCs are created from bitcoins coming from the Bitcoin blockchain. RSK is also backwards-compatible with Ethereum, so Ethereum distributed applications can be easily ported to RSK and achieve greater security, faster execution and greater interoperability with Bitcoin.

You’ve just released Turmeric, which is the start of the RSK Test Network. Can you give us more detail on that?

SDL: RSK is based on four technical pillars: the two-way peg, the federation, merge-mining and the smart contracts virtual machine. Turmeric is a full-featured release that has beta implementations of these four pillars and therefore is fully-functional from the user perspective.

Security is listed as Rootstock’s main priority – how exactly is the RSK blockchain secured and what have you learnt from The DAO?

SDL: We can analyze RSK security at different levels: platform design security, core development security, reference implementation security, transaction consensus security, two-way-peg security, and Dapps application security. Each of these levels is addressed with specific protocols, procedures, proactive and reactive measures. Some of the measures are already in place and others are being implemented.

The platform design is the result of several years of academic research, public debate, simulations and tests: RSK design has considered all theoretical attacks known to date.

Core development security is addressed by deterministic builds, RSK server security, individual developer’s security procedures, high trust within the development team, checksums and threshold-signatures for releases, code-review and other standard auditing practices.

The security of the reference code is based on a clean and commented codebase, programmed in the most popularly used programming language with high test-coverage. Also, it will be third-party audited by more than one team.

Transaction consensus security is managed by a combination of merge-mining and a federation. The combination of these two layers provides defense in depth: merge-mining provides proof-of-work so other (non-mining) actors cannot reverse blocks, while the federation provides block checkpoint announcements that prevent miners from colluding to reverse the blockchain. While the federation could try to use their checkpointing power to censor blocks, full node clients are not forced to obey federation checkpoints: if a node is not in-sync with the majority of the federators it will present the user with a big warning notice and wait for user confirmation. Forcing user interaction on a disagreement between miners and the federation works as a deterrent against silent attacks, because there can’t be disagreement if not because of an attack, or a critical consensus bug.

The peg security also relies on two layers: a multi-signature created by at least 51% of the federators and the acknowledgement of at least 51% of the Bitcoin merge-miners. RSK has established security procedures for the management of the RSK federation node and the associated private keys that prevent single weak links and software monoculture. Therefore hacking a single operating system, library or entity cannot yield all the private keys. As the federators are mainly cryptocurrency exchanges, they already have baseline security procedures, so following security procedures is part of their job.

Dapps application security is supported by three lines of work: first, we enhanced the VM to prevent high-level bugs common to smart-contract programming, such as the ones present in the DAO. Second, we’ll be publishing well-tested and mature tools for developers, such as new compilers and static-checkers. Third, we are contributing to the community to establish best practices for smart-contract programming.

Last, we plan to work closely with the community and open a bug bounty program for users to securely report vulnerabilities on any part of the system and be rewarded accordingly.

I’ve read that RSK can scale to 100 transactions per second (tps) – the same as PayPal. How does it achieve this without compromising decentralisation? And how do you plan to solve the scaling issue of a blockchain with a high tps rate?

SDL: There is always a trade-off between on-chain tps and decentralisation. An imaginary blockchain that creates a single block per day could run on every smartphone in the world, while a blockchain that does 1K tps can only run on high-end servers. Bitcoin is in the middle, closer to the full decentralization end, while RSK is still in the middle but closer to the high-end servers end. However, RSK users won’t need to choose between the two extremes of running a full node or running a 100% “verification blind” SPV node, because RSK allows nodes to have partial blockchain history.

The scaling problem appears at different bottlenecks: historic blocks storage, state storage, CPU and bandwidth. The historic block scaling problem can be easily tackled by distributed peer-to-peer blockchain-sharing, similar to file-sharing techniques in use today. We will also protect historic data by incentivizing full nodes through the PoUBS (proof-of-unique-blockchain storage) protocol.

The problem of growing verification state is partially solved by contract storage rent, which forces contracts and accounts to periodically pay a rent for the storage they use that is required during transaction verification.

The problem of CPU scaling is essentially the problem of transaction serialization and it is addressed by giving miners an additional task: the creation of efficient schedules for the execution of block transactions tailored for multi-core systems. Every block has an associated execution schedule, created by the miner to minimize transaction execution time.

Bandwidth is currently almost not a problem for scaling, once you adopt common efficiency improvements such as compact blocks, and also because RSK transactions are normally much shorter than their Bitcoin counterparts.

Smart contracts are generally more associated with Ethereum than Bitcoin. You’ve made the conscious decision to keep RSK compatible with Ethereum – so do you see the platforms somehow working side by side rather than being in direct competition with each other?

SDL: I see there will be much more collaboration than competition. At RSK we’re focused on financial inclusion and financial applications, while my perception is that the Ethereum community is more focused on non-financial uses of the blockchain. At this point in history, having more compatible smart contract platforms means we can reach more developers under a single programming tool chain, create more use cases and evangelize to more people about the potential of this technology. Maybe in five years there will be some market consolidation, but I doubt it. Both platforms will grow. Having multiple platform choices means that if any of them fails, users can still easily port their applications to another platform.

Ethereum wouldn’t have been possible without Bitcoin, and RSK wouldn’t have been possible without Ethereum, and many other ideas. Ethereum can take some ideas from our platform. For example, we’ll be launching our platform with two completely new features: storage rent, and automatic contract hibernation. So Ethereum has an excellent opportunity to learn from our mistakes and success, as we’ve learned from Ethereum’s mistakes and success.

Being compatible at the web3/EVM layers means more users, more applications, more learning material, and more collaboration between Bitcoiners and the Ethereum community.

Who else is part of the current RSK team?

SDL: The Core team currently comprises five founders (most with C.S. backgrounds), seven software engineers, two business developers, a community manager, and other administrative and legal staff. The big team includes our partners, such as Koibanx, and other companies which we outsource development to, such as Coinfabrik.

What are the plans for RSK over the next 12-18 months?

SDL: The next and most important milestone is Ginger, the production release of our platform, planned for May. Six months afterwards awaits Bamboo, the first and most important upgrade of our platform to support more privacy and more scalability, the federation backup mining system, and the federation oracle services. Also in Bamboo we’ll launch a governance model for the RSK platform nourished from all actors in the RSK ecosystem: users, miners, federation members, companies, foundations and the core development team. During the 18 months we’ll also be adding more members to the RSK federation, as well as more merge-mining hashing power, until we reach our target for financial contracts security. Finally, we’ll be working closely with our community through different channels, such as the RSK University and RSK ambassador program.